You can save the key in a file, avoiding entering the passphrase manually at each boot.
Since this key will be stored on the encrypted volume (/boot will be encrypted somewhat later),
this can be harmless.

NOTE:
The UUID should not be quoted in the /etc/crypttab file, otherwise the dracut will ignore it. (Bug ?)

The familiar mkinird command is now the shell wrapper for the dracut command
and is less flexible in its options than dracut itself,
so the dracut command is used directly without a wrapper.
Here, the --add-device option is required,
otherwise dracut will not include our device in the initrd
as it detects that device still not used by the system yet and does not required for boot process.
The --install option will add our key to the initrd.

Restart the server now.
Because of the "rd.break" option added to grub.cfg,
you can verify that the initrd has successfully activated our encrypted volume.
Use "exit" to exit the debug shell and continue the download.

Once everything works as it should, move the data to encrypted volume:

Now our server runs on a fully encrypted disk, but GRUB requests a password to decrypt /boot at the boot time.
It's not so convenient.
The server should be booted automatically and without human intervention.
A promising project is the johnlane GRUB cryptomount extention,
which allows you to hide the key for the GRUB.
However, the configuration file still open and allows reverse decryption.

In addition, this is not a solution for creating a closed packed embedded system,
because you must provide at least a key for GRUB, and the rest can be decrypted in reverse order.